Friday, September 16, 2011

Stable Channel Update

The Chrome Stable channel has been updated to 14.0.835.163 for all platforms. This release contains the following security fixes. More details about high level features can be found on the Google Chrome blog.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [49377] High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi of the Chromium development community.
  • [51464] Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid click-free access to the system Flash. Credit to electronixtar.
  • [Linux only] [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana.
  • [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins. Credit to Michal Zalewski of the Google Security Team.
  • [76771] High CVE-2011-2830: Crash in v8 script object wrappers. Credit to Kostya Serebryany of the Chromium development community.
  • [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction. Credit to kuzzcc.
  • [$500] [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to Mario Gomes.
  • [Mac only] [80680] Low CVE-2011-2842: Insecure lock file handling in the Mac installer. Credit to Aaron Sigel of vtty.com.
  • [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers. Credit to Kostya Serebryany of the Chromium development community.
  • [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit to Mario Gomes.
  • [$1000] [89219] High CVE-2011-2846: Use-after-free in unload event handling. Credit to Arthur Gerkis.
  • [$1000] [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to miaubiz.
  • [$500] [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit to Jordi Chancel.
  • [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to Arthur Gerkis.
  • [$500] [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit to miaubiz.
  • [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters. Credit to miaubiz.
  • [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling. Credit to Google Chrome Security Team (Inferno).
  • [$500] [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler.
  • [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit to Google Chrome Security Team (SkyLined).
  • [$1000] [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style handling. Credit to Sławomir Błażek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno).
  • [$1000] [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to Arthur Gerkis.
  • [$2000] [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean.
  • [$1000] [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz.
  • [$1000] [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
  • [93497] Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs.
  • [$1000] [93587] High CVE-2011-2860: Use-after-free in table style handling. Credit to miaubiz.
  • [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki Helin of OUSPG.
  • [$2337] [93906] High CVE-2011-2862: Unintended access to v8 built-in objects. Credit to Sergey Glazunov.
  • [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters. Credit to Google Chrome Security Team (Inferno).
  • [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. Credit to Google Chrome Security Team (Inferno).
  • [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a session. Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).
  • [$1000] [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit to Christian Holler.
In addition, we would like to thank “send.my.spam.to”, “Feiler89”, miaubiz, The Microsoft Java Team / Microsoft Vulnerability Research (MSVR), Chris Rohlf of Matasano, Chamal de Silva, Christian Holler, “simon.sarris” and Alexey Proskuryakov of Apple for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.

The full list of changes is available in the SVN revision log. Interested in switching to another channel? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

27 comments:

shayne said...

It still says chrome 14 windows m why is this not fixed yet since version 13?

Rafael said...

What's new in version 14 final? The only difference I could see was the translation page that won a gray color.

Luboš Motl said...

Dear shayne, "m" means that multiple versions of the Chrome binaries are installed on your computer.

So far V14 works very well for me. I hope that the next one V15 will already synchronize search engines...

nuggetshoops said...

I can't get this update to finish. Update was downloaded for both of my chrome 13.0.782.220 WinXP instances, but each one keeps saying Relaunch Google Chrome to finish updating. After the Relaunch, the message is repeated and it never updates to the 14 version.

laforge@chromium said...

The -m means that your Chrome client has been successfully transitioned to the multi-installer. The reason we are doing this transition is that before we used to have to do two builds/ installers for Chrome and ChromeFrame and we've now effectively unified the installers down to a single "multi-installer" (i.e. the same installer can setup either Chrome or ChromeFrame). From a release management and QA perspective this makes things simpler, easier to test, and less likely to break.

laforge@chromium said...

@nuggetshoops, it might be worth opening up task manager and killing all open chrome.exe processes. On some rare occasions one hangs around after the browser shuts down, so on the update restart we can't swap out the new chrome w/ the running Chrome. Killing the old processes should fix the issue.

nzpossum said...

Why hasn't the API developer guide been updated

petko said...

That letter 'm' is just poking into my eyes. Why don't you just get rid of it?

worsaelee said...

When reading PDFs the scroll bar is missing. Is that supposed to be normal? On the canary build it shows it..

alex.f said...

Doesn't work on MAC OSX 10.6.8. Keeps crashing on start up even when no profile exists. Anybody know how I can go back to v13?

okungnyo said...

For guys complaining about the "m" in the About window, seriously WTF? That single letter is not going to crash your browser. If you don't want to see it, just don't click [About Google Chrome]. Freaking out over nothing. >_>

Antonio Ooi said...

Is it normal that this update takes more than 30 mins to install? Mine has been taking more than 30 mins and still hasn't finished installing... >.<

gahbmwm5 said...

"worsaelee said...
When reading PDFs the scroll bar is missing. Is that supposed to be normal? On the canary build it shows it.."

Hmmmm, I'm on the Beta 14.0.835.163 build and all my PDF show the scroll bars...Win7 64 bit..
What OS?

worsaelee said...

@gahbmwm5

thx for the reply. I'm on OS X Lion 10.7.1. It's not really a big issue though lol. In Lion the scroll bars disappear when you don't scroll but reappear when you do. However, on PDFs they do not appear even when scrolling.

Kay S.T. said...

Chrome doesn't start for me anymore on Fedora 15.

vhanla said...

I don't know what your plans are about Windows 8 (DevPreview), but there it can't save personal stuff (apps, extensions); every time I start Chrome it shows a message saying that it can't load my preferences.

spartan1 said...

Drop-down menus often do not open properly, please fix.

Dan said...

"That letter 'm' is just poking into my eyes. Why don't you just get rid of it?"

or just don't look at "about chrome" constantly? I swear, some people find the stupidest things to complain about.

Marzio said...

Still Shockwave Flash crashes!
Is it so hard to fix?

Det said...

@Dan, agreed.

The unfortunate reason behind that is that it's much easier to be dumb than smart.

Egla said...

Chrome 14 is now the most power-hungry browser on my MacBook. The battery life is about half of what it is with e.g. Safari or Firefox. Please fix that, as Chrome has been my favourite for ages now.

P-A said...

This version is great! I have no problems with the favicon on Gmail and YouTube. I also noticed that Chrome is slightly faster and stable :D

Mainman678 said...

Can someone please help me out about my issue with built in flash. Here is the link.

http://code.google.com/p/chromium/issues/detail?id=96835

Lew said...

Having the same problems as alex.f. On my Mac (OS X 10.6.8), chrome is terminating immediately after launching. I've tried deleting and manually reloading, with the same result. Not clear to me whether this affects all machines running OS X or only a subset.

abhi said...

The top of Chrome (i.e., the omnibox, Minimize/Maximize/Close icons, etc.) doesn't appear properly until the homepage is completely loaded..

DonnaMarie said...

I am not a "techie", but not computer illiterate either. Anywho, my question is...are we supposed to download any of the "fixes" listed? I tend to err on the side of caution and btw, that's why I'm not particularly pleased that Chrome auto-updated me to a Beta version. I'm having problems using my email account on Chrome (have to use IE for email), and yet Chrome is the only browser that I can use successfully for YouTube and Facebook. Sux to have to keep switching browsers. Does this Beta update fix the extremely high CPU usage of both Chrome and Adobe Flash? I'm still getting the "Flash warnings", too. Ugh! Wish Chrome would work for everything. I really do like it! Thanks to all the techies who work so hard to help! :)
